@opensaas/keystone-nextjs-auth 20.3.0 → 21.0.0
Sign up to get free protection for your applications and to get access to all the features.
- package/CHANGELOG.md +19 -0
- package/README.md +5 -3
- package/dist/declarations/src/gql/getBaseAuthSchema.d.ts +1 -3
- package/dist/declarations/src/index.d.ts +4 -4
- package/dist/declarations/src/pages/NextAuthPage.d.ts +16 -9
- package/dist/declarations/src/schema.d.ts +1 -3
- package/dist/declarations/src/templates/auth.d.ts +4 -12
- package/dist/declarations/src/types.d.ts +17 -20
- package/dist/opensaas-keystone-nextjs-auth.cjs.dev.js +87 -74
- package/dist/opensaas-keystone-nextjs-auth.cjs.prod.js +85 -74
- package/dist/opensaas-keystone-nextjs-auth.esm.js +85 -74
- package/package.json +7 -7
- package/pages/NextAuthPage/dist/opensaas-keystone-nextjs-auth-pages-NextAuthPage.cjs.dev.js +36 -29
- package/pages/NextAuthPage/dist/opensaas-keystone-nextjs-auth-pages-NextAuthPage.cjs.prod.js +36 -29
- package/pages/NextAuthPage/dist/opensaas-keystone-nextjs-auth-pages-NextAuthPage.esm.js +36 -29
- package/src/gql/getBaseAuthSchema.ts +0 -4
- package/src/index.ts +71 -61
- package/src/pages/NextAuthPage.tsx +58 -37
- package/src/schema.ts +0 -22
- package/src/templates/auth.ts +11 -28
- package/src/templates/next-config.ts +3 -0
- package/src/types.ts +20 -21
- package/src/gql/getInitFirstItemSchema.ts +0 -81
package/CHANGELOG.md
CHANGED
@@ -1,5 +1,24 @@
|
|
1
1
|
# @opensaas-keystone/nextjs-auth
|
2
2
|
|
3
|
+
## 21.0.0
|
4
|
+
|
5
|
+
### Major Changes
|
6
|
+
|
7
|
+
- 4119c1c: Add ability to configure custom pages use `pages` configuration
|
8
|
+
- 4119c1c: Move `userMap` `accountMap` and `userMap` into a resolver function - `resolver` function takes in `{user,account,profile}` and returns a object that is passed in to create the identity
|
9
|
+
|
10
|
+
## 20.5.0
|
11
|
+
|
12
|
+
### Minor Changes
|
13
|
+
|
14
|
+
- e2e7122: upgrade keystone to `1.1.0`
|
15
|
+
|
16
|
+
## 20.4.0
|
17
|
+
|
18
|
+
### Minor Changes
|
19
|
+
|
20
|
+
- 80ba444: Add `getToken` to keystone `get session` to enable JWT in Authorization header
|
21
|
+
|
3
22
|
## 20.3.0
|
4
23
|
|
5
24
|
### Minor Changes
|
package/README.md
CHANGED
@@ -44,9 +44,11 @@ const auth = createAuth({
|
|
44
44
|
identityField: 'subjectId',
|
45
45
|
sessionData: `id name email`,
|
46
46
|
autoCreate: true,
|
47
|
-
|
48
|
-
|
49
|
-
|
47
|
+
resolver: async ({user, profile, account}) => {
|
48
|
+
const username = user.name as string;
|
49
|
+
const email = user.email as string;
|
50
|
+
return { email, username };
|
51
|
+
},
|
50
52
|
keystonePath: '/admin',
|
51
53
|
sessionSecret,
|
52
54
|
providers: [
|
@@ -1,9 +1,7 @@
|
|
1
1
|
import type { BaseItem } from '@keystone-6/core/types';
|
2
2
|
import { graphql } from '@keystone-6/core';
|
3
|
-
|
4
|
-
export declare function getBaseAuthSchema({ listKey, gqlNames, base, }: {
|
3
|
+
export declare function getBaseAuthSchema({ listKey, base, }: {
|
5
4
|
listKey: string;
|
6
|
-
gqlNames: AuthGqlNames;
|
7
5
|
base: graphql.BaseSchemaMeta;
|
8
6
|
}): {
|
9
7
|
extension: {
|
@@ -1,11 +1,11 @@
|
|
1
1
|
import { BaseListTypeInfo, KeystoneConfig } from '@keystone-6/core/types';
|
2
|
-
import { AuthConfig,
|
2
|
+
import { AuthConfig, KeystoneOAuthConfig } from './types';
|
3
3
|
/**
|
4
4
|
* createAuth function
|
5
5
|
*
|
6
6
|
* Generates config for Keystone to implement standard auth features.
|
7
7
|
*/
|
8
|
-
export type { NextAuthProviders,
|
9
|
-
export declare function createAuth<GeneratedListTypes extends BaseListTypeInfo>({
|
10
|
-
withAuth: (keystoneConfig: KeystoneConfig) =>
|
8
|
+
export type { NextAuthProviders, KeystoneOAuthConfig } from './types';
|
9
|
+
export declare function createAuth<GeneratedListTypes extends BaseListTypeInfo>({ autoCreate, cookies, identityField, listKey, keystonePath, pages, resolver, providers, sessionData, sessionSecret, }: AuthConfig<GeneratedListTypes>): {
|
10
|
+
withAuth: (keystoneConfig: KeystoneConfig) => KeystoneOAuthConfig;
|
11
11
|
};
|
@@ -1,18 +1,25 @@
|
|
1
|
+
import { CookiesOptions, EventCallbacks, PagesOptions } from 'next-auth';
|
1
2
|
import type { KeystoneListsAPI } from '@keystone-6/core/types';
|
2
3
|
import { Provider } from 'next-auth/providers';
|
3
|
-
|
4
|
+
import { JWTOptions } from 'next-auth/jwt';
|
5
|
+
declare type CoreNextAuthPageProps = {
|
6
|
+
autoCreate: boolean;
|
7
|
+
cookies?: Partial<CookiesOptions>;
|
8
|
+
events?: Partial<EventCallbacks>;
|
4
9
|
identityField: string;
|
5
|
-
|
6
|
-
providers: Provider[];
|
7
|
-
query: KeystoneListsAPI<any>;
|
8
|
-
sessionData: string;
|
10
|
+
jwt?: Partial<JWTOptions>;
|
9
11
|
listKey: string;
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
12
|
+
pages?: Partial<PagesOptions>;
|
13
|
+
providers?: Provider[];
|
14
|
+
resolver?: Function | undefined;
|
15
|
+
sessionData: string | undefined;
|
14
16
|
sessionSecret: string;
|
15
17
|
};
|
18
|
+
declare type NextAuthGglProps = {
|
19
|
+
mutationName?: string;
|
20
|
+
query?: KeystoneListsAPI<any>;
|
21
|
+
};
|
22
|
+
export declare type NextAuthPageProps = CoreNextAuthPageProps & NextAuthGglProps;
|
16
23
|
export default function NextAuthPage(props: NextAuthPageProps): any;
|
17
24
|
export declare const getNextAuthPage: (props: NextAuthPageProps) => () => any;
|
18
25
|
export {};
|
@@ -1,7 +1,5 @@
|
|
1
1
|
import { ExtendGraphqlSchema } from '@keystone-6/core/types';
|
2
|
-
|
3
|
-
export declare const getSchemaExtension: ({ identityField, listKey, gqlNames, }: {
|
2
|
+
export declare const getSchemaExtension: ({ listKey, }: {
|
4
3
|
identityField: string;
|
5
4
|
listKey: string;
|
6
|
-
gqlNames: AuthGqlNames;
|
7
5
|
}) => ExtendGraphqlSchema;
|
@@ -1,12 +1,4 @@
|
|
1
|
-
import {
|
2
|
-
|
3
|
-
|
4
|
-
|
5
|
-
sessionData: any;
|
6
|
-
listKey: string;
|
7
|
-
autoCreate: boolean;
|
8
|
-
userMap: any;
|
9
|
-
accountMap: any;
|
10
|
-
profileMap: any;
|
11
|
-
sessionSecret: string;
|
12
|
-
}) => string;
|
1
|
+
import { NextAuthPageProps } from '../pages/NextAuthPage';
|
2
|
+
declare type AuthTemplateOptions = NextAuthPageProps;
|
3
|
+
export declare const authTemplate: ({ autoCreate, identityField, listKey, sessionData, sessionSecret, }: AuthTemplateOptions) => string;
|
4
|
+
export {};
|
@@ -1,42 +1,39 @@
|
|
1
1
|
import { BaseListTypeInfo, KeystoneConfig } from '@keystone-6/core/types';
|
2
|
+
import { CookiesOptions, PagesOptions } from 'next-auth';
|
2
3
|
import { Provider } from 'next-auth/providers';
|
3
|
-
export declare type AuthGqlNames = {
|
4
|
-
CreateInitialInput: string;
|
5
|
-
createInitialItem: string;
|
6
|
-
authenticateItemWithPassword: string;
|
7
|
-
ItemAuthenticationWithPasswordResult: string;
|
8
|
-
ItemAuthenticationWithPasswordSuccess: string;
|
9
|
-
ItemAuthenticationWithPasswordFailure: string;
|
10
|
-
};
|
11
4
|
export declare type NextAuthSession = {
|
12
5
|
listKey: string;
|
13
6
|
itemId: string;
|
14
7
|
data: any;
|
15
8
|
};
|
16
9
|
export declare type NextAuthProviders = Provider[];
|
17
|
-
declare type
|
10
|
+
declare type KeytoneOAuthOptions = {
|
18
11
|
providers: NextAuthProviders;
|
12
|
+
pages?: Partial<PagesOptions>;
|
13
|
+
};
|
14
|
+
declare type NextAuthOptions = {
|
15
|
+
cookies?: Partial<CookiesOptions>;
|
16
|
+
resolver: any;
|
19
17
|
};
|
20
|
-
export declare type
|
18
|
+
export declare type KeystoneOAuthConfig = KeystoneConfig & KeytoneOAuthOptions & NextAuthOptions;
|
21
19
|
export declare type AuthConfig<GeneratedListTypes extends BaseListTypeInfo> = {
|
20
|
+
/** Auth Create users in Keystone DB from Auth Provider */
|
21
|
+
autoCreate: boolean;
|
22
|
+
/** Adds ability to customize cookie options, for example, to facilitate cross-subdomain functionality */
|
23
|
+
cookies?: Partial<CookiesOptions>;
|
22
24
|
/** The key of the list to authenticate users with */
|
23
25
|
listKey: GeneratedListTypes['key'];
|
24
26
|
/** The path of the field the identity is stored in; must be text-ish */
|
25
27
|
identityField: GeneratedListTypes['fields'];
|
26
|
-
/** Session data population */
|
27
|
-
sessionData?: string;
|
28
|
-
/** Auth Create users in Keystone DB from Auth Provider */
|
29
|
-
autoCreate: boolean;
|
30
|
-
/** Map User in next-auth to item */
|
31
|
-
userMap: any;
|
32
|
-
/** Map Account in next-auth to item */
|
33
|
-
accountMap: any;
|
34
|
-
/** Map Profile in next-auth to item */
|
35
|
-
profileMap: any;
|
36
28
|
/** Path for Keystone interface */
|
37
29
|
keystonePath?: string;
|
30
|
+
pages?: any;
|
38
31
|
/** Providers for Next Auth */
|
39
32
|
providers: NextAuthProviders;
|
33
|
+
/** Resolver for user to define their profile */
|
34
|
+
resolver?: Function | undefined;
|
35
|
+
/** Session data population */
|
36
|
+
sessionData?: string | undefined;
|
40
37
|
/** Next-Auth Session Secret */
|
41
38
|
sessionSecret: string;
|
42
39
|
};
|
@@ -5,15 +5,17 @@ Object.defineProperty(exports, '__esModule', { value: true });
|
|
5
5
|
var _objectSpread = require('@babel/runtime/helpers/objectSpread2');
|
6
6
|
var _objectWithoutProperties = require('@babel/runtime/helpers/objectWithoutProperties');
|
7
7
|
var _includesInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/includes');
|
8
|
+
var _indexOfInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/index-of');
|
9
|
+
var _Object$values = require('@babel/runtime-corejs3/core-js-stable/object/values');
|
8
10
|
var _mapInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/map');
|
9
11
|
var _JSON$stringify = require('@babel/runtime-corejs3/core-js-stable/json/stringify');
|
10
12
|
var _URL = require('@babel/runtime-corejs3/core-js-stable/url');
|
11
13
|
var url = require('url');
|
12
14
|
var react = require('next-auth/react');
|
15
|
+
var jwt = require('next-auth/jwt');
|
13
16
|
var cookie = require('cookie');
|
14
17
|
var ejs = require('ejs');
|
15
18
|
var _filterInstanceProperty = require('@babel/runtime-corejs3/core-js-stable/instance/filter');
|
16
|
-
var graphql = require('graphql');
|
17
19
|
var core = require('@keystone-6/core');
|
18
20
|
|
19
21
|
function _interopDefault (e) { return e && e.__esModule ? e : { 'default': e }; }
|
@@ -37,6 +39,8 @@ function _interopNamespace(e) {
|
|
37
39
|
}
|
38
40
|
|
39
41
|
var _includesInstanceProperty__default = /*#__PURE__*/_interopDefault(_includesInstanceProperty);
|
42
|
+
var _indexOfInstanceProperty__default = /*#__PURE__*/_interopDefault(_indexOfInstanceProperty);
|
43
|
+
var _Object$values__default = /*#__PURE__*/_interopDefault(_Object$values);
|
40
44
|
var _mapInstanceProperty__default = /*#__PURE__*/_interopDefault(_mapInstanceProperty);
|
41
45
|
var _JSON$stringify__default = /*#__PURE__*/_interopDefault(_JSON$stringify);
|
42
46
|
var _URL__default = /*#__PURE__*/_interopDefault(_URL);
|
@@ -54,6 +58,9 @@ module.exports = withPreconstruct({
|
|
54
58
|
typescript: {
|
55
59
|
ignoreBuildErrors: true,
|
56
60
|
},
|
61
|
+
env: {
|
62
|
+
NEXTAUTH_URL: process.env.NEXTAUTH_URL || 'http://localhost:<%= process.env.PORT || 3000 %><%= keystonePath || '' %>/api/auth',
|
63
|
+
},
|
57
64
|
eslint: {
|
58
65
|
ignoreDuringBuilds: true,
|
59
66
|
},
|
@@ -109,7 +116,6 @@ const nextConfigTemplate = ({
|
|
109
116
|
|
110
117
|
function getBaseAuthSchema({
|
111
118
|
listKey,
|
112
|
-
gqlNames,
|
113
119
|
base
|
114
120
|
}) {
|
115
121
|
const extension = {
|
@@ -149,22 +155,12 @@ function getBaseAuthSchema({
|
|
149
155
|
}
|
150
156
|
|
151
157
|
const getSchemaExtension = ({
|
152
|
-
|
153
|
-
listKey,
|
154
|
-
gqlNames
|
158
|
+
listKey
|
155
159
|
}) => core.graphql.extend(base => {
|
156
160
|
var _context;
|
157
161
|
|
158
|
-
const uniqueWhereInputType = graphql.assertInputObjectType(base.schema.getType(`${listKey}WhereUniqueInput`));
|
159
|
-
const identityFieldOnUniqueWhere = uniqueWhereInputType.getFields()[identityField];
|
160
|
-
|
161
|
-
if ((identityFieldOnUniqueWhere === null || identityFieldOnUniqueWhere === void 0 ? void 0 : identityFieldOnUniqueWhere.type) !== graphql.GraphQLString && (identityFieldOnUniqueWhere === null || identityFieldOnUniqueWhere === void 0 ? void 0 : identityFieldOnUniqueWhere.type) !== graphql.GraphQLID) {
|
162
|
-
throw new Error(`createAuth was called with an identityField of ${identityField} on the list ${listKey} ` + `but that field doesn't allow being searched uniquely with a String or ID. ` + `You should likely add \`isIndexed: 'unique'\` ` + `to the field at ${listKey}.${identityField}`);
|
163
|
-
}
|
164
|
-
|
165
162
|
const baseSchema = getBaseAuthSchema({
|
166
163
|
listKey,
|
167
|
-
gqlNames,
|
168
164
|
base
|
169
165
|
});
|
170
166
|
return _filterInstanceProperty__default["default"](_context = [baseSchema.extension]).call(_context, x => x !== undefined);
|
@@ -176,44 +172,35 @@ import { query } from '.keystone/api';
|
|
176
172
|
import keystoneConfig from '../../../../../keystone';
|
177
173
|
|
178
174
|
export default getNextAuthPage({
|
175
|
+
autoCreate: <%= autoCreate %>,
|
179
176
|
identityField: '<%= identityField %>',
|
180
|
-
sessionData: '<%= sessionData %>',
|
181
177
|
listKey: '<%= listKey %>',
|
182
|
-
|
183
|
-
accountMap: <%- JSON.stringify(accountMap) %>,
|
184
|
-
profileMap: <%- JSON.stringify(profileMap) %>,
|
185
|
-
autoCreate: <%= autoCreate %>,
|
186
|
-
sessionSecret: '<%= sessionSecret %>',
|
178
|
+
pages: keystoneConfig.pages,
|
187
179
|
providers: keystoneConfig.providers,
|
188
180
|
query,
|
181
|
+
resolver: keystoneConfig.resolver,
|
182
|
+
sessionData: '<%= sessionData %>',
|
183
|
+
sessionSecret: '<%= sessionSecret %>',
|
189
184
|
});
|
190
185
|
`;
|
191
186
|
const authTemplate = ({
|
192
|
-
|
187
|
+
autoCreate,
|
193
188
|
identityField,
|
194
|
-
sessionData,
|
195
189
|
listKey,
|
196
|
-
|
197
|
-
userMap,
|
198
|
-
accountMap,
|
199
|
-
profileMap,
|
190
|
+
sessionData,
|
200
191
|
sessionSecret
|
201
192
|
}) => {
|
202
193
|
const authOut = ejs__default["default"].render(template, {
|
203
|
-
gqlNames,
|
204
194
|
identityField,
|
205
195
|
sessionData,
|
206
196
|
listKey,
|
207
197
|
autoCreate,
|
208
|
-
userMap,
|
209
|
-
accountMap,
|
210
|
-
profileMap,
|
211
198
|
sessionSecret
|
212
199
|
});
|
213
200
|
return authOut;
|
214
201
|
};
|
215
202
|
|
216
|
-
const _excluded = ["get"];
|
203
|
+
const _excluded = ["get", "start"];
|
217
204
|
/**
|
218
205
|
* createAuth function
|
219
206
|
*
|
@@ -221,31 +208,21 @@ const _excluded = ["get"];
|
|
221
208
|
*/
|
222
209
|
|
223
210
|
function createAuth({
|
224
|
-
listKey,
|
225
|
-
identityField,
|
226
|
-
sessionData,
|
227
211
|
autoCreate,
|
228
|
-
|
229
|
-
|
230
|
-
|
212
|
+
cookies,
|
213
|
+
identityField,
|
214
|
+
listKey,
|
231
215
|
keystonePath,
|
216
|
+
pages,
|
217
|
+
resolver,
|
232
218
|
providers,
|
219
|
+
sessionData,
|
233
220
|
sessionSecret
|
234
221
|
}) {
|
235
222
|
// The protectIdentities flag is currently under review to see whether it should be
|
236
223
|
// part of the createAuth API (in which case its use cases need to be documented and tested)
|
237
224
|
// or whether always being true is what we want, in which case we can refactor our code
|
238
225
|
// to match this. -TL
|
239
|
-
const gqlNames = {
|
240
|
-
// Core
|
241
|
-
authenticateItemWithPassword: `authenticate${listKey}WithPassword`,
|
242
|
-
ItemAuthenticationWithPasswordResult: `${listKey}AuthenticationWithPasswordResult`,
|
243
|
-
ItemAuthenticationWithPasswordSuccess: `${listKey}AuthenticationWithPasswordSuccess`,
|
244
|
-
ItemAuthenticationWithPasswordFailure: `${listKey}AuthenticationWithPasswordFailure`,
|
245
|
-
// Initial data
|
246
|
-
CreateInitialInput: `CreateInitial${listKey}Input`,
|
247
|
-
createInitialItem: `createInitial${listKey}`
|
248
|
-
};
|
249
226
|
const customPath = !keystonePath || keystonePath === '/' ? '' : keystonePath;
|
250
227
|
/**
|
251
228
|
* pageMiddleware
|
@@ -262,16 +239,14 @@ function createAuth({
|
|
262
239
|
context,
|
263
240
|
isValidSession
|
264
241
|
}) => {
|
242
|
+
var _context;
|
243
|
+
|
265
244
|
const {
|
266
245
|
req,
|
267
246
|
session
|
268
247
|
} = context;
|
269
248
|
const pathname = url__default["default"].parse(req === null || req === void 0 ? void 0 : req.url).pathname;
|
270
249
|
|
271
|
-
if (pathname === `${customPath}/api/__keystone_api_build`) {
|
272
|
-
return;
|
273
|
-
}
|
274
|
-
|
275
250
|
if (isValidSession) {
|
276
251
|
if (pathname === `${customPath}/api/auth/signin`) {
|
277
252
|
return {
|
@@ -290,7 +265,11 @@ function createAuth({
|
|
290
265
|
return;
|
291
266
|
}
|
292
267
|
|
293
|
-
if (
|
268
|
+
if (_includesInstanceProperty__default["default"](pathname).call(pathname, '/_next/') || _includesInstanceProperty__default["default"](pathname).call(pathname, '/api/auth/')) {
|
269
|
+
return;
|
270
|
+
}
|
271
|
+
|
272
|
+
if (!session && !_includesInstanceProperty__default["default"](pathname).call(pathname, `${customPath}/api/auth/`) && !(_indexOfInstanceProperty__default["default"](_context = _Object$values__default["default"](pages)).call(_context, pathname) > -1)) {
|
294
273
|
return {
|
295
274
|
kind: 'redirect',
|
296
275
|
to: `${customPath}/api/auth/signin`
|
@@ -312,14 +291,10 @@ function createAuth({
|
|
312
291
|
mode: 'write',
|
313
292
|
outputPath: 'pages/api/auth/[...nextauth].js',
|
314
293
|
src: authTemplate({
|
315
|
-
|
294
|
+
autoCreate,
|
316
295
|
identityField,
|
317
|
-
sessionData,
|
318
296
|
listKey,
|
319
|
-
|
320
|
-
userMap,
|
321
|
-
accountMap,
|
322
|
-
profileMap,
|
297
|
+
sessionData,
|
323
298
|
sessionSecret
|
324
299
|
})
|
325
300
|
}, {
|
@@ -338,7 +313,8 @@ function createAuth({
|
|
338
313
|
*/
|
339
314
|
|
340
315
|
|
341
|
-
const publicPages = [`${customPath}/api/auth/csrf`, `${customPath}/api/auth/signin`, `${customPath}/api/auth/callback`, `${customPath}/api/auth/session`, `${customPath}/api/auth/providers`, `${customPath}/api/auth/signout`];
|
316
|
+
const publicPages = [`${customPath}/api/__keystone_api_build`, `${customPath}/api/auth/csrf`, `${customPath}/api/auth/signin`, `${customPath}/api/auth/callback`, `${customPath}/api/auth/session`, `${customPath}/api/auth/providers`, `${customPath}/api/auth/signout`, `${customPath}/api/auth/error`]; // TODO: Add Provider Types
|
317
|
+
// @ts-ignore
|
342
318
|
|
343
319
|
function addPages(provider) {
|
344
320
|
const name = provider.id;
|
@@ -356,8 +332,7 @@ function createAuth({
|
|
356
332
|
|
357
333
|
const extendGraphqlSchema = getSchemaExtension({
|
358
334
|
identityField,
|
359
|
-
listKey
|
360
|
-
gqlNames
|
335
|
+
listKey
|
361
336
|
});
|
362
337
|
/**
|
363
338
|
* validateConfig
|
@@ -371,7 +346,9 @@ function createAuth({
|
|
371
346
|
if (listConfig === undefined) {
|
372
347
|
const msg = `A createAuth() invocation specifies the list "${listKey}" but no list with that key has been defined.`;
|
373
348
|
throw new Error(msg);
|
374
|
-
} // TODO: Check
|
349
|
+
} // TODO: Check if providers
|
350
|
+
// TODO: Check other required commands/data
|
351
|
+
// TODO: Check for String-like typing for identityField? How?
|
375
352
|
// TODO: Validate that the identifyField is unique.
|
376
353
|
// TODO: If this field isn't required, what happens if I try to log in as `null`?
|
377
354
|
|
@@ -379,9 +356,9 @@ function createAuth({
|
|
379
356
|
const identityFieldConfig = listConfig.fields[identityField];
|
380
357
|
|
381
358
|
if (identityFieldConfig === undefined) {
|
382
|
-
const
|
359
|
+
const identityFieldName = _JSON$stringify__default["default"](identityField);
|
383
360
|
|
384
|
-
const msg = `A createAuth() invocation for the "${listKey}" list specifies ${
|
361
|
+
const msg = `A createAuth() invocation for the "${listKey}" list specifies ${identityFieldName} as its identityField but no field with that key exists on the list.`;
|
385
362
|
throw new Error(msg);
|
386
363
|
}
|
387
364
|
};
|
@@ -397,18 +374,46 @@ function createAuth({
|
|
397
374
|
|
398
375
|
|
399
376
|
const withItemData = _sessionStrategy => {
|
400
|
-
const
|
377
|
+
const {
|
378
|
+
get,
|
379
|
+
start
|
380
|
+
} = _sessionStrategy,
|
381
|
+
sessionStrategy = _objectWithoutProperties(_sessionStrategy, _excluded);
|
401
382
|
|
402
383
|
return _objectSpread(_objectSpread({}, sessionStrategy), {}, {
|
384
|
+
start: async ({
|
385
|
+
res
|
386
|
+
}) => {
|
387
|
+
console.log('start');
|
388
|
+
const session = await start({
|
389
|
+
res
|
390
|
+
});
|
391
|
+
return session;
|
392
|
+
},
|
403
393
|
get: async ({
|
404
394
|
req
|
405
395
|
}) => {
|
396
|
+
var _req$headers$authoriz;
|
397
|
+
|
406
398
|
const pathname = url__default["default"].parse(req === null || req === void 0 ? void 0 : req.url).pathname;
|
407
399
|
|
408
400
|
if (_includesInstanceProperty__default["default"](pathname).call(pathname, '/api/auth')) {
|
409
401
|
return;
|
410
402
|
}
|
411
403
|
|
404
|
+
if (((_req$headers$authoriz = req.headers.authorization) === null || _req$headers$authoriz === void 0 ? void 0 : _req$headers$authoriz.split(' ')[0]) === 'Bearer') {
|
405
|
+
var _token$data;
|
406
|
+
|
407
|
+
const token = await jwt.getToken({
|
408
|
+
req,
|
409
|
+
secret: sessionSecret
|
410
|
+
});
|
411
|
+
|
412
|
+
if (token !== null && token !== void 0 && (_token$data = token.data) !== null && _token$data !== void 0 && _token$data.id) {
|
413
|
+
return token;
|
414
|
+
}
|
415
|
+
}
|
416
|
+
|
412
417
|
const nextSession = await react.getSession({
|
413
418
|
req
|
414
419
|
});
|
@@ -429,6 +434,7 @@ function createAuth({
|
|
429
434
|
secure: process.env.NODE_ENV === 'production',
|
430
435
|
path: '/',
|
431
436
|
sameSite: 'lax',
|
437
|
+
// TODO: Update parse to URL
|
432
438
|
domain: url__default["default"].parse(req.url).hostname
|
433
439
|
}));
|
434
440
|
}
|
@@ -465,19 +471,23 @@ function createAuth({
|
|
465
471
|
},
|
466
472
|
enableSessionItem: true,
|
467
473
|
isAccessAllowed: async context => {
|
468
|
-
var _context$req,
|
474
|
+
var _context$req, _keystoneConfig$ui3;
|
469
475
|
|
470
|
-
|
476
|
+
const {
|
477
|
+
req
|
478
|
+
} = context;
|
479
|
+
const pathname = url__default["default"].parse(req === null || req === void 0 ? void 0 : req.url).pathname; // Allow nextjs scripts and static files to be accessed without auth
|
480
|
+
|
481
|
+
if (_includesInstanceProperty__default["default"](pathname).call(pathname, '/_next/')) {
|
471
482
|
return true;
|
472
|
-
} // Allow
|
473
|
-
// even if the user isn't logged in (which should always be the case if they're seeing /init)
|
483
|
+
} // Allow keystone to access /api/__keystone_api_build for hot reloading
|
474
484
|
|
475
485
|
|
476
|
-
|
477
|
-
|
478
|
-
|
479
|
-
|
480
|
-
return
|
486
|
+
if (process.env.NODE_ENV !== 'production' && ((_context$req = context.req) === null || _context$req === void 0 ? void 0 : _context$req.url) !== undefined && new _URL__default["default"](context.req.url, 'http://example.com').pathname === `${customPath}/api/__keystone_api_build`) {
|
487
|
+
return true;
|
488
|
+
}
|
489
|
+
|
490
|
+
return (_keystoneConfig$ui3 = keystoneConfig.ui) !== null && _keystoneConfig$ui3 !== void 0 && _keystoneConfig$ui3.isAccessAllowed ? keystoneConfig.ui.isAccessAllowed(context) : context.session !== undefined;
|
481
491
|
}
|
482
492
|
});
|
483
493
|
}
|
@@ -487,8 +497,11 @@ function createAuth({
|
|
487
497
|
const existingExtendGraphQLSchema = keystoneConfig.extendGraphqlSchema;
|
488
498
|
return _objectSpread(_objectSpread({}, keystoneConfig), {}, {
|
489
499
|
ui,
|
490
|
-
|
500
|
+
cookies,
|
491
501
|
providers,
|
502
|
+
pages,
|
503
|
+
resolver,
|
504
|
+
session,
|
492
505
|
lists: _objectSpread({}, keystoneConfig.lists),
|
493
506
|
experimental: _objectSpread(_objectSpread({}, keystoneConfig.experimental), {}, {
|
494
507
|
generateNodeAPI: true
|